From e7fe30e20195b29dd61a397fd9669cb58097a18b Mon Sep 17 00:00:00 2001 
From: Nex Date: Thu, 16 Jun 2022 15:18:50 +0200 Subject: [PATCH] Refactoring cli commands for iOS too --- mvt/android/cli.py | 6 +- mvt/ios/cli.py | 98 ++++--------------- mvt/ios/cmd_check_backup.py | 25 +++++ mvt/ios/cmd_check_fs.py | 25 +++++ mvt/ios/modules/backup/backup_info.py | 8 +- .../modules/backup/configuration_profiles.py | 6 +- mvt/ios/modules/backup/manifest.py | 8 +- mvt/ios/modules/backup/profile_events.py | 6 +- mvt/ios/modules/base.py | 12 +-- mvt/ios/modules/fs/analytics.py | 6 +- mvt/ios/modules/fs/cache_files.py | 10 +- mvt/ios/modules/fs/filesystem.py | 12 +-- mvt/ios/modules/fs/net_netusage.py | 6 +- mvt/ios/modules/fs/safari_favicon.py | 6 +- mvt/ios/modules/fs/shutdownlog.py | 6 +- mvt/ios/modules/fs/version_history.py | 6 +- mvt/ios/modules/fs/webkit_base.py | 2 +- mvt/ios/modules/fs/webkit_indexeddb.py | 6 +- mvt/ios/modules/fs/webkit_localstorage.py | 6 +- .../modules/fs/webkit_safariviewservice.py | 6 +- mvt/ios/modules/mixed/calls.py | 6 +- mvt/ios/modules/mixed/chrome_favicon.py | 6 +- mvt/ios/modules/mixed/chrome_history.py | 6 +- mvt/ios/modules/mixed/contacts.py | 6 +- mvt/ios/modules/mixed/firefox_favicon.py | 6 +- mvt/ios/modules/mixed/firefox_history.py | 6 +- mvt/ios/modules/mixed/idstatuscache.py | 6 +- mvt/ios/modules/mixed/interactionc.py | 6 +- mvt/ios/modules/mixed/locationd.py | 6 +- mvt/ios/modules/mixed/net_datausage.py | 6 +- mvt/ios/modules/mixed/osanalytics_addaily.py | 6 +- mvt/ios/modules/mixed/safari_browserstate.py | 8 +- mvt/ios/modules/mixed/safari_history.py | 8 +- mvt/ios/modules/mixed/shortcuts.py | 6 +- mvt/ios/modules/mixed/sms.py | 6 +- mvt/ios/modules/mixed/sms_attachments.py | 6 +- mvt/ios/modules/mixed/tcc.py | 6 +- .../mixed/webkit_resource_load_statistics.py | 8 +- .../mixed/webkit_session_resource_log.py | 8 +- mvt/ios/modules/mixed/whatsapp.py | 6 +- mvt/ios/modules/net_base.py | 8 +- 41 files changed, 195 insertions(+), 207 deletions(-) create mode 100644 mvt/ios/cmd_check_backup.py create mode 
100644 mvt/ios/cmd_check_fs.py diff --git a/mvt/android/cli.py b/mvt/android/cli.py index d8bd05b..8cba92c 100644 --- a/mvt/android/cli.py +++ b/mvt/android/cli.py @@ -9,15 +9,15 @@ import os import click from rich.logging import RichHandler -from mvt.android.cmd_check_adb import CmdAndroidCheckADB -from mvt.android.cmd_check_backup import CmdAndroidCheckBackup -from mvt.android.cmd_check_bugreport import CmdAndroidCheckBugreport from mvt.common.help import (HELP_MSG_FAST, HELP_MSG_IOC, HELP_MSG_LIST_MODULES, HELP_MSG_MODULE, HELP_MSG_OUTPUT, HELP_MSG_SERIAL) from mvt.common.indicators import Indicators, download_indicators_files from mvt.common.logo import logo +from .cmd_check_adb import CmdAndroidCheckADB +from .cmd_check_backup import CmdAndroidCheckBackup +from .cmd_check_bugreport import CmdAndroidCheckBugreport from .cmd_download_apks import DownloadAPKs from .modules.adb import ADB_MODULES from .modules.adb.packages import Packages diff --git a/mvt/ios/cli.py b/mvt/ios/cli.py index 951b241..26bba39 100644 --- a/mvt/ios/cli.py +++ b/mvt/ios/cli.py @@ -15,9 +15,10 @@ from mvt.common.help import (HELP_MSG_FAST, HELP_MSG_IOC, HELP_MSG_OUTPUT) from mvt.common.indicators import Indicators, download_indicators_files from mvt.common.logo import logo -from mvt.common.module import run_module, save_timeline from mvt.common.options import MutuallyExclusiveOption +from .cmd_check_backup import CmdIOSCheckBackup +from .cmd_check_fs import CmdIOSCheckFS from .decrypt import DecryptBackup from .modules.backup import BACKUP_MODULES from .modules.fs import FS_MODULES 
@@ -140,51 +141,20 @@ def extract_key(password, backup_path, key_file): @click.argument("BACKUP_PATH", type=click.Path(exists=True)) @click.pass_context def check_backup(ctx, iocs, output, fast, backup_path, list_modules, module): - if list_modules: - log.info("Following is the list of available check-backup modules:") - for backup_module in BACKUP_MODULES + MIXED_MODULES: - log.info(" - %s", backup_module.__name__) + cmd = CmdIOSCheckBackup(target_path=backup_path, results_path=output, + ioc_files=iocs, module_name=module, fast_mode=fast) + if list_modules: + cmd.list_modules() return log.info("Checking iTunes backup located at: %s", backup_path) - if output and not os.path.exists(output): - try: - os.makedirs(output) - except Exception as e: - log.critical("Unable to create output folder %s: %s", output, e) - ctx.exit(1) + cmd.run() - indicators = Indicators(log=log) - indicators.load_indicators_files(iocs) - - timeline = [] - timeline_detected = [] - for backup_module in BACKUP_MODULES + MIXED_MODULES: - if module and backup_module.__name__ != module: - continue - - m = backup_module(base_folder=backup_path, output_folder=output, fast_mode=fast, - log=logging.getLogger(backup_module.__module__)) - m.is_backup = True - if indicators.total_ioc_count > 0: - m.indicators = indicators - m.indicators.log = m.log - - run_module(m) - timeline.extend(m.timeline) - timeline_detected.extend(m.timeline_detected) - - if output: - if len(timeline) > 0: - save_timeline(timeline, os.path.join(output, "timeline.csv")) - if len(timeline_detected) > 0: - save_timeline(timeline_detected, os.path.join(output, "timeline_detected.csv")) - - if len(timeline_detected) > 0: + if len(cmd.timeline_detected) > 0: log.warning("The analysis of the backup produced %d detections!", - len(timeline_detected)) + len(cmd.timeline_detected)) #============================================================================== 
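Review bot: The flag the removed loop set on every module with `m.is_backup = True` is not set anywhere in the visible replacement. `CmdIOSCheckBackup` in mvt/ios/cmd_check_backup.py defines only `name`, `modules` and `__init__`, and `IOSExtraction.__init__` still defaults `self.is_backup = False`. Unless `Command.run()` in mvt/common/command.py (not part of this patch) sets it, modules that branch on the flag would presumably look for their files the wrong way and report nothing, which in a forensic check is a silent false negative rather than an error. The command class should set `module.is_backup = True` on each module instance before it runs. The `check_fs` hunk that follows has the same gap for `m.is_fs_dump = True`. The decorator stack of `check_backup` starts above this hunk.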
@@ -200,52 +170,20 @@ def check_backup(ctx, iocs, output, fast, backup_path, list_modules, module): @click.argument("DUMP_PATH", type=click.Path(exists=True)) @click.pass_context def check_fs(ctx, iocs, output, fast, dump_path, list_modules, module): - if list_modules: - log.info("Following is the list of available check-fs modules:") - for fs_module in FS_MODULES + MIXED_MODULES: - log.info(" - %s", fs_module.__name__) + cmd = CmdIOSCheckFS(target_path=dump_path, results_path=output, + ioc_files=iocs, module_name=module, fast_mode=fast) + if list_modules: + cmd.list_modules() return - log.info("Checking filesystem dump located at: %s", dump_path) + log.info("Checking iOS filesystem located at: %s", dump_path) - if output and not os.path.exists(output): - try: - os.makedirs(output) - except Exception as e: - log.critical("Unable to create output folder %s: %s", output, e) - ctx.exit(1) + cmd.run() - indicators = Indicators(log=log) - indicators.load_indicators_files(iocs) - - timeline = [] - timeline_detected = [] - for fs_module in FS_MODULES + MIXED_MODULES: - if module and fs_module.__name__ != module: - continue - - m = fs_module(base_folder=dump_path, output_folder=output, fast_mode=fast, - log=logging.getLogger(fs_module.__module__)) - - m.is_fs_dump = True - if indicators.total_ioc_count > 0: - m.indicators = indicators - m.indicators.log = m.log - - run_module(m) - timeline.extend(m.timeline) - timeline_detected.extend(m.timeline_detected) - - if output: - if len(timeline) > 0: - save_timeline(timeline, os.path.join(output, "timeline.csv")) - if len(timeline_detected) > 0: - save_timeline(timeline_detected, os.path.join(output, "timeline_detected.csv")) - - if len(timeline_detected) > 0: - log.warning("The analysis of the filesystem produced %d detections!", - len(timeline_detected)) + if len(cmd.timeline_detected) > 0: + log.warning("The analysis of the iOS filesystem produced %d detections!", + len(cmd.timeline_detected)) 
#============================================================================== diff --git a/mvt/ios/cmd_check_backup.py b/mvt/ios/cmd_check_backup.py new file mode 100644 index 0000000..6b1f41d --- /dev/null +++ b/mvt/ios/cmd_check_backup.py @@ -0,0 +1,25 @@ +# Mobile Verification Toolkit (MVT) +# Copyright (c) 2021-2022 Claudio Guarnieri. +# Use of this software is governed by the MVT License 1.1 that can be found at +# https://license.mvt.re/1.1/ + +import logging + +from mvt.common.command import Command + +from .modules.backup import BACKUP_MODULES +from .modules.mixed import MIXED_MODULES + +log = logging.getLogger(__name__) + + +class CmdIOSCheckBackup(Command): + + name = "check-backup" + modules = BACKUP_MODULES + MIXED_MODULES + + def __init__(self, target_path=None, results_path=None, ioc_files=[], + module_name=None, serial=None, fast_mode=False): + super().__init__(target_path=target_path, results_path=results_path, + ioc_files=ioc_files, module_name=module_name, + serial=serial, fast_mode=fast_mode, log=log) diff --git a/mvt/ios/cmd_check_fs.py b/mvt/ios/cmd_check_fs.py new file mode 100644 index 0000000..b823184 --- /dev/null +++ b/mvt/ios/cmd_check_fs.py @@ -0,0 +1,25 @@ +# Mobile Verification Toolkit (MVT) +# Copyright (c) 2021-2022 Claudio Guarnieri. +# Use of this software is governed by the MVT License 1.1 that can be found at +# https://license.mvt.re/1.1/ + +import logging + +from mvt.common.command import Command + +from .modules.fs import FS_MODULES +from .modules.mixed import MIXED_MODULES + +log = logging.getLogger(__name__) + + +class CmdIOSChecKFS(Command): + + name = "check-fs" + modules = FS_MODULES + MIXED_MODULES + + def __init__(self, target_path=None, results_path=None, ioc_files=[], + module_name=None, serial=None, fast_mode=False): + super().__init__(target_path=target_path, results_path=results_path, + ioc_files=ioc_files, module_name=module_name, + serial=serial, fast_mode=fast_mode, log=log) 
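Review bot: `ioc_files=[]` in `CmdIOSCheckBackup.__init__` is a mutable default, so every instance built without that argument shares one list object. If `Command` (not shown here) ever appends to it, indicator file paths from one run would carry over into the next. Prefer `ioc_files=None` in the signature and pass `ioc_files=ioc_files or []` to `super().__init__`. The same signature is repeated in mvt/ios/cmd_check_fs.py. The class also has no docstring; something like `"""Run the backup and mixed modules against an iTunes backup."""` would document what `modules` is for.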
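Review bot: The class is declared as `CmdIOSChecKFS` with a capital K, but mvt/ios/cli.py in this same patch does `from .cmd_check_fs import CmdIOSCheckFS` and calls `CmdIOSCheckFS(...)` inside `check_fs`. As written, importing the iOS CLI module would fail with an ImportError, so no iOS command would start. The declaration should read `class CmdIOSCheckFS(Command):`.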
diff --git a/mvt/ios/modules/backup/backup_info.py b/mvt/ios/modules/backup/backup_info.py index 4ef81be..1608d89 100644 --- a/mvt/ios/modules/backup/backup_info.py +++ b/mvt/ios/modules/backup/backup_info.py @@ -15,16 +15,16 @@ from ..base import IOSExtraction class BackupInfo(IOSExtraction): """This module extracts information about the device and the backup.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) self.results = {} def run(self): - info_path = os.path.join(self.base_folder, "Info.plist") + info_path = os.path.join(self.target_path, "Info.plist") if not os.path.exists(info_path): raise DatabaseNotFoundError("No Info.plist at backup path, unable to extract device information") diff --git a/mvt/ios/modules/backup/configuration_profiles.py b/mvt/ios/modules/backup/configuration_profiles.py index 844cdaa..98cf9e1 100644 --- a/mvt/ios/modules/backup/configuration_profiles.py +++ b/mvt/ios/modules/backup/configuration_profiles.py 
@@ -17,10 +17,10 @@ CONF_PROFILES_DOMAIN = "SysSharedContainerDomain-systemgroup.com.apple.configura class ConfigurationProfiles(IOSExtraction): """This module extracts the full plist data from configuration profiles.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/backup/manifest.py b/mvt/ios/modules/backup/manifest.py index b11c280..fc7e75a 100644 --- a/mvt/ios/modules/backup/manifest.py +++ b/mvt/ios/modules/backup/manifest.py @@ -18,10 +18,10 @@ from ..base import IOSExtraction class Manifest(IOSExtraction): """This module extracts information from a backup Manifest.db file.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def _get_key(self, dictionary, key): @@ -93,7 +93,7 @@ class Manifest(IOSExtraction): self.detected.append(result) def run(self): - manifest_db_path = os.path.join(self.base_folder, "Manifest.db") + manifest_db_path = os.path.join(self.target_path, "Manifest.db") if not os.path.isfile(manifest_db_path): raise DatabaseNotFoundError("unable to find backup's Manifest.db") diff --git a/mvt/ios/modules/backup/profile_events.py b/mvt/ios/modules/backup/profile_events.py index c311c03..81036d4 100644 
--- a/mvt/ios/modules/backup/profile_events.py +++ b/mvt/ios/modules/backup/profile_events.py @@ -19,10 +19,10 @@ class ProfileEvents(IOSExtraction): """ - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/base.py b/mvt/ios/modules/base.py index bd2b498..e542877 100644 --- a/mvt/ios/modules/base.py +++ b/mvt/ios/modules/base.py @@ -16,10 +16,10 @@ from mvt.common.module import (DatabaseCorruptedError, DatabaseNotFoundError, class IOSExtraction(MVTModule): """This class provides a base for all iOS filesystem/backup extraction modules.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) self.is_backup = False @@ -73,7 +73,7 @@ class IOSExtraction(MVTModule): :param domain: Domain to use as filter from Manifest.db. (Default value = None) """ - manifest_db_path = os.path.join(self.base_folder, "Manifest.db") + manifest_db_path = os.path.join(self.target_path, "Manifest.db") if not os.path.exists(manifest_db_path): raise DatabaseNotFoundError("unable to find backup's Manifest.db") 
@@ -101,7 +101,7 @@ class IOSExtraction(MVTModule): } def _get_backup_file_from_id(self, file_id): - file_path = os.path.join(self.base_folder, file_id[0:2], file_id) + file_path = os.path.join(self.target_path, file_id[0:2], file_id) if os.path.exists(file_path): return file_path @@ -109,7 +109,7 @@ class IOSExtraction(MVTModule): def _get_fs_files_from_patterns(self, root_paths): for root_path in root_paths: - for found_path in glob.glob(os.path.join(self.base_folder, root_path)): + for found_path in glob.glob(os.path.join(self.target_path, root_path)): if not os.path.exists(found_path): continue diff --git a/mvt/ios/modules/fs/analytics.py b/mvt/ios/modules/fs/analytics.py index 6d64e9b..7761d60 100644 --- a/mvt/ios/modules/fs/analytics.py +++ b/mvt/ios/modules/fs/analytics.py @@ -18,10 +18,10 @@ ANALYTICS_DB_PATH = [ class Analytics(IOSExtraction): """This module extracts information from the private/var/Keychains/Analytics/*.db files.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/fs/cache_files.py b/mvt/ios/modules/fs/cache_files.py index 21405e4..0277449 100644 --- a/mvt/ios/modules/fs/cache_files.py +++ b/mvt/ios/modules/fs/cache_files.py 
@@ -11,10 +11,10 @@ from ..base import IOSExtraction class CacheFiles(IOSExtraction): - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): @@ -55,7 +55,7 @@ class CacheFiles(IOSExtraction): except sqlite3.OperationalError: return - key_name = os.path.relpath(file_path, self.base_folder) + key_name = os.path.relpath(file_path, self.target_path) if key_name not in self.results: self.results[key_name] = [] @@ -71,7 +71,7 @@ class CacheFiles(IOSExtraction): def run(self): self.results = {} - for root, dirs, files in os.walk(self.base_folder): + for root, dirs, files in os.walk(self.target_path): for file_name in files: if file_name != "Cache.db": continue diff --git a/mvt/ios/modules/fs/filesystem.py b/mvt/ios/modules/fs/filesystem.py index 4a3672e..538fa30 100644 --- a/mvt/ios/modules/fs/filesystem.py +++ b/mvt/ios/modules/fs/filesystem.py @@ -18,10 +18,10 @@ class Filesystem(IOSExtraction): """ - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): 
@@ -58,12 +58,12 @@ class Filesystem(IOSExtraction): self.detected.append(result) def run(self): - for root, dirs, files in os.walk(self.base_folder): + for root, dirs, files in os.walk(self.target_path): for dir_name in dirs: try: dir_path = os.path.join(root, dir_name) result = { - "path": os.path.relpath(dir_path, self.base_folder), + "path": os.path.relpath(dir_path, self.target_path), "modified": convert_timestamp_to_iso(datetime.datetime.utcfromtimestamp(os.stat(dir_path).st_mtime)), } except Exception: @@ -75,7 +75,7 @@ class Filesystem(IOSExtraction): try: file_path = os.path.join(root, file_name) result = { - "path": os.path.relpath(file_path, self.base_folder), + "path": os.path.relpath(file_path, self.target_path), "modified": convert_timestamp_to_iso(datetime.datetime.utcfromtimestamp(os.stat(file_path).st_mtime)), } except Exception: diff --git a/mvt/ios/modules/fs/net_netusage.py b/mvt/ios/modules/fs/net_netusage.py index e768643..c860a96 100644 --- a/mvt/ios/modules/fs/net_netusage.py +++ b/mvt/ios/modules/fs/net_netusage.py @@ -20,10 +20,10 @@ class Netusage(NetBase): """ - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def run(self): diff --git a/mvt/ios/modules/fs/safari_favicon.py b/mvt/ios/modules/fs/safari_favicon.py index 7bae6d9..941ab5d 100644 --- a/mvt/ios/modules/fs/safari_favicon.py +++ b/mvt/ios/modules/fs/safari_favicon.py 
@@ -18,10 +18,10 @@ SAFARI_FAVICON_ROOT_PATHS = [ class SafariFavicon(IOSExtraction): """This module extracts all Safari favicon records.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/fs/shutdownlog.py b/mvt/ios/modules/fs/shutdownlog.py index ae9093d..ef9d170 100644 --- a/mvt/ios/modules/fs/shutdownlog.py +++ b/mvt/ios/modules/fs/shutdownlog.py @@ -15,10 +15,10 @@ SHUTDOWN_LOG_PATH = [ class ShutdownLog(IOSExtraction): """This module extracts processes information from the shutdown log file.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/fs/version_history.py b/mvt/ios/modules/fs/version_history.py index 66ff9b7..be5bd4c 100644 --- a/mvt/ios/modules/fs/version_history.py +++ b/mvt/ios/modules/fs/version_history.py 
@@ -18,10 +18,10 @@ IOS_ANALYTICS_JOURNAL_PATHS = [ class IOSVersionHistory(IOSExtraction): """This module extracts iOS update history from Analytics Journal log files.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/fs/webkit_base.py b/mvt/ios/modules/fs/webkit_base.py index a155c4f..88b32d8 100644 --- a/mvt/ios/modules/fs/webkit_base.py +++ b/mvt/ios/modules/fs/webkit_base.py @@ -26,7 +26,7 @@ class WebkitBase(IOSExtraction): def _process_webkit_folder(self, root_paths): for found_path in self._get_fs_files_from_patterns(root_paths): - key = os.path.relpath(found_path, self.base_folder) + key = os.path.relpath(found_path, self.target_path) for name in os.listdir(found_path): if not name.startswith("http"): diff --git a/mvt/ios/modules/fs/webkit_indexeddb.py b/mvt/ios/modules/fs/webkit_indexeddb.py index 3c23317..4745e76 100644 --- a/mvt/ios/modules/fs/webkit_indexeddb.py +++ b/mvt/ios/modules/fs/webkit_indexeddb.py @@ -19,10 +19,10 @@ class WebkitIndexedDB(WebkitBase): slug = "webkit_indexeddb" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): 
diff --git a/mvt/ios/modules/fs/webkit_localstorage.py b/mvt/ios/modules/fs/webkit_localstorage.py index 963bd42..323a8bb 100644 --- a/mvt/ios/modules/fs/webkit_localstorage.py +++ b/mvt/ios/modules/fs/webkit_localstorage.py @@ -17,10 +17,10 @@ class WebkitLocalStorage(WebkitBase): """ - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/fs/webkit_safariviewservice.py b/mvt/ios/modules/fs/webkit_safariviewservice.py index 5c77ddf..56a9863 100644 --- a/mvt/ios/modules/fs/webkit_safariviewservice.py +++ b/mvt/ios/modules/fs/webkit_safariviewservice.py @@ -17,10 +17,10 @@ class WebkitSafariViewService(WebkitBase): """ - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def run(self): diff --git a/mvt/ios/modules/mixed/calls.py b/mvt/ios/modules/mixed/calls.py index e540eec..53688f2 100644 --- a/mvt/ios/modules/mixed/calls.py +++ b/mvt/ios/modules/mixed/calls.py 
@@ -20,10 +20,10 @@ CALLS_ROOT_PATHS = [ class Calls(IOSExtraction): """This module extracts phone calls details""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/mixed/chrome_favicon.py b/mvt/ios/modules/mixed/chrome_favicon.py index 3fd8c26..3941638 100644 --- a/mvt/ios/modules/mixed/chrome_favicon.py +++ b/mvt/ios/modules/mixed/chrome_favicon.py @@ -23,10 +23,10 @@ CHROME_FAVICON_ROOT_PATHS = [ class ChromeFavicon(IOSExtraction): """This module extracts all Chrome favicon records.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/mixed/chrome_history.py b/mvt/ios/modules/mixed/chrome_history.py index c37e478..c44d2c9 100644 --- a/mvt/ios/modules/mixed/chrome_history.py +++ b/mvt/ios/modules/mixed/chrome_history.py 
@@ -22,10 +22,10 @@ CHROME_HISTORY_ROOT_PATHS = [ class ChromeHistory(IOSExtraction): """This module extracts all Chome visits.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/mixed/contacts.py b/mvt/ios/modules/mixed/contacts.py index 6b781bd..dc2cf40 100644 --- a/mvt/ios/modules/mixed/contacts.py +++ b/mvt/ios/modules/mixed/contacts.py @@ -18,10 +18,10 @@ CONTACTS_ROOT_PATHS = [ class Contacts(IOSExtraction): """This module extracts all contact details from the phone's address book.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def run(self): diff --git a/mvt/ios/modules/mixed/firefox_favicon.py b/mvt/ios/modules/mixed/firefox_favicon.py index 28e535c..7af9678 100644 --- a/mvt/ios/modules/mixed/firefox_favicon.py +++ b/mvt/ios/modules/mixed/firefox_favicon.py 
@@ -21,10 +21,10 @@ FIREFOX_HISTORY_ROOT_PATHS = [ class FirefoxFavicon(IOSExtraction): """This module extracts all Firefox favicon""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/mixed/firefox_history.py b/mvt/ios/modules/mixed/firefox_history.py index 0d0d92f..b6f50b9 100644 --- a/mvt/ios/modules/mixed/firefox_history.py +++ b/mvt/ios/modules/mixed/firefox_history.py @@ -25,10 +25,10 @@ class FirefoxHistory(IOSExtraction): """ - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/mixed/idstatuscache.py b/mvt/ios/modules/mixed/idstatuscache.py index 4f95b61..8e9df3e 100644 --- a/mvt/ios/modules/mixed/idstatuscache.py +++ b/mvt/ios/modules/mixed/idstatuscache.py 
@@ -22,10 +22,10 @@ IDSTATUSCACHE_ROOT_PATHS = [ class IDStatusCache(IOSExtraction): """Extracts Apple Authentication information from idstatuscache.plist""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/mixed/interactionc.py b/mvt/ios/modules/mixed/interactionc.py index 434c308..e16e58a 100644 --- a/mvt/ios/modules/mixed/interactionc.py +++ b/mvt/ios/modules/mixed/interactionc.py @@ -20,10 +20,10 @@ INTERACTIONC_ROOT_PATHS = [ class InteractionC(IOSExtraction): """This module extracts data from InteractionC db.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) self.timestamps = [ diff --git a/mvt/ios/modules/mixed/locationd.py b/mvt/ios/modules/mixed/locationd.py index 1617bc7..c2576f3 100644 --- a/mvt/ios/modules/mixed/locationd.py +++ b/mvt/ios/modules/mixed/locationd.py 
@@ -21,10 +21,10 @@ LOCATIOND_ROOT_PATHS = [ class LocationdClients(IOSExtraction): """Extract information from apps who used geolocation.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) self.timestamps = [ diff --git a/mvt/ios/modules/mixed/net_datausage.py b/mvt/ios/modules/mixed/net_datausage.py index c653ba8..4b63842 100644 --- a/mvt/ios/modules/mixed/net_datausage.py +++ b/mvt/ios/modules/mixed/net_datausage.py @@ -20,10 +20,10 @@ class Datausage(NetBase): """ - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def run(self): diff --git a/mvt/ios/modules/mixed/osanalytics_addaily.py b/mvt/ios/modules/mixed/osanalytics_addaily.py index bcb592e..1c12e02 100644 --- a/mvt/ios/modules/mixed/osanalytics_addaily.py +++ b/mvt/ios/modules/mixed/osanalytics_addaily.py 
@@ -20,10 +20,10 @@ OSANALYTICS_ADDAILY_ROOT_PATHS = [ class OSAnalyticsADDaily(IOSExtraction): """Extract network usage information by process, from com.apple.osanalytics.addaily.plist""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/mixed/safari_browserstate.py b/mvt/ios/modules/mixed/safari_browserstate.py index 32140b4..d1a6a7f 100644 --- a/mvt/ios/modules/mixed/safari_browserstate.py +++ b/mvt/ios/modules/mixed/safari_browserstate.py @@ -23,10 +23,10 @@ SAFARI_BROWSER_STATE_ROOT_PATHS = [ class SafariBrowserState(IOSExtraction): """This module extracts all Safari browser state records.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) self._session_history_count = 0 @@ -115,7 +115,7 @@ class SafariBrowserState(IOSExtraction): "tab_visible_url": row[2], "last_viewed_timestamp": convert_timestamp_to_iso(convert_mactime_to_unix(row[3])), "session_data": session_entries, - "safari_browser_state_db": os.path.relpath(db_path, self.base_folder), + "safari_browser_state_db": os.path.relpath(db_path, self.target_path), }) def run(self): 
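Review bot: `os.path.relpath(db_path, self.target_path)` in SafariBrowserState falls back to the current working directory when its second argument is `None`, and `target_path=None` is the constructor default. The recorded `safari_browser_state_db` value would then depend on where the analyst ran the tool rather than on the extraction root, which makes the path less useful as evidence. The same call appears in the SafariHistory, WebkitResourceLoadStatistics and WebkitSessionResourceLog hunks; the two WebKit ones sit under `elif self.is_fs_dump`, but the enclosing Safari methods start outside their hunks, so I cannot tell whether they can run without a target path. If they can, make the fallback explicit, e.g. `os.path.relpath(db_path, self.target_path) if self.target_path else db_path`.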
diff --git a/mvt/ios/modules/mixed/safari_history.py b/mvt/ios/modules/mixed/safari_history.py index 976fcdb..64c39d5 100644 --- a/mvt/ios/modules/mixed/safari_history.py +++ b/mvt/ios/modules/mixed/safari_history.py @@ -25,10 +25,10 @@ class SafariHistory(IOSExtraction): """ - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): @@ -111,7 +111,7 @@ class SafariHistory(IOSExtraction): "isodate": convert_timestamp_to_iso(convert_mactime_to_unix(row[3])), "redirect_source": row[4], "redirect_destination": row[5], - "safari_history_db": os.path.relpath(history_path, self.base_folder), + "safari_history_db": os.path.relpath(history_path, self.target_path), }) cur.close() diff --git a/mvt/ios/modules/mixed/shortcuts.py b/mvt/ios/modules/mixed/shortcuts.py index 4d096c8..b9c3655 100644 --- a/mvt/ios/modules/mixed/shortcuts.py +++ b/mvt/ios/modules/mixed/shortcuts.py @@ -24,10 +24,10 @@ SHORTCUT_ROOT_PATHS = [ class Shortcuts(IOSExtraction): """This module extracts all info about SMS/iMessage attachments.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): 
diff --git a/mvt/ios/modules/mixed/sms.py b/mvt/ios/modules/mixed/sms.py index 7358371..5a88256 100644 --- a/mvt/ios/modules/mixed/sms.py +++ b/mvt/ios/modules/mixed/sms.py @@ -22,10 +22,10 @@ SMS_ROOT_PATHS = [ class SMS(IOSExtraction): """This module extracts all SMS messages containing links.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/mixed/sms_attachments.py b/mvt/ios/modules/mixed/sms_attachments.py index 03e7d78..0f6ba39 100644 --- a/mvt/ios/modules/mixed/sms_attachments.py +++ b/mvt/ios/modules/mixed/sms_attachments.py @@ -21,10 +21,10 @@ SMS_ROOT_PATHS = [ class SMSAttachments(IOSExtraction): """This module extracts all info about SMS/iMessage attachments.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/mixed/tcc.py b/mvt/ios/modules/mixed/tcc.py index 9368d10..226a0d3 100644 --- a/mvt/ios/modules/mixed/tcc.py +++ b/mvt/ios/modules/mixed/tcc.py 
@@ -47,10 +47,10 @@ AUTH_REASONS = { class TCC(IOSExtraction): """This module extracts records from the TCC.db SQLite database.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/mixed/webkit_resource_load_statistics.py b/mvt/ios/modules/mixed/webkit_resource_load_statistics.py index 40de3b0..12fc08c 100644 --- a/mvt/ios/modules/mixed/webkit_resource_load_statistics.py +++ b/mvt/ios/modules/mixed/webkit_resource_load_statistics.py @@ -22,10 +22,10 @@ class WebkitResourceLoadStatistics(IOSExtraction): """This module extracts records from WebKit ResourceLoadStatistics observations.db.""" # TODO: Add serialize(). - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) self.results = {} if not results else results 
@@ -85,4 +85,4 @@ class WebkitResourceLoadStatistics(IOSExtraction): self.log.info("Unable to search for WebKit observations.db: %s", e) elif self.is_fs_dump: for db_path in self._get_fs_files_from_patterns(WEBKIT_RESOURCELOADSTATICS_ROOT_PATHS): - self._process_observations_db(db_path=db_path, key=os.path.relpath(db_path, self.base_folder)) + self._process_observations_db(db_path=db_path, key=os.path.relpath(db_path, self.target_path)) diff --git a/mvt/ios/modules/mixed/webkit_session_resource_log.py b/mvt/ios/modules/mixed/webkit_session_resource_log.py index f63c97a..5106d86 100644 --- a/mvt/ios/modules/mixed/webkit_session_resource_log.py +++ b/mvt/ios/modules/mixed/webkit_session_resource_log.py @@ -29,10 +29,10 @@ class WebkitSessionResourceLog(IOSExtraction): """ - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) self.results = {} if not results else results @@ -128,7 +128,7 @@ class WebkitSessionResourceLog(IOSExtraction): elif self.is_fs_dump: for log_path in self._get_fs_files_from_patterns(WEBKIT_SESSION_RESOURCE_LOG_ROOT_PATHS): self.log.info("Found Safari browsing session resource log at path: %s", log_path) - key = os.path.relpath(log_path, self.base_folder) + key = os.path.relpath(log_path, self.target_path) self.results[key] = self._extract_browsing_stats(log_path) self.log.info("Extracted records from %d Safari browsing session resource logs", diff --git a/mvt/ios/modules/mixed/whatsapp.py b/mvt/ios/modules/mixed/whatsapp.py index 3645dfb..6c1b6aa 100644 --- a/mvt/ios/modules/mixed/whatsapp.py +++ b/mvt/ios/modules/mixed/whatsapp.py 
@@ -24,10 +24,10 @@ WHATSAPP_ROOT_PATHS = [ class Whatsapp(IOSExtraction): """This module extracts all WhatsApp messages containing links.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def serialize(self, record): diff --git a/mvt/ios/modules/net_base.py b/mvt/ios/modules/net_base.py index 20cbe3a..5cb53ed 100644 --- a/mvt/ios/modules/net_base.py +++ b/mvt/ios/modules/net_base.py @@ -15,10 +15,10 @@ from .base import IOSExtraction class NetBase(IOSExtraction): """This class provides a base for DataUsage and NetUsage extraction modules.""" - def __init__(self, file_path=None, base_folder=None, output_folder=None, + def __init__(self, file_path=None, target_path=None, results_path=None, fast_mode=False, log=None, results=[]): - super().__init__(file_path=file_path, base_folder=base_folder, - output_folder=output_folder, fast_mode=fast_mode, + super().__init__(file_path=file_path, target_path=target_path, + results_path=results_path, fast_mode=fast_mode, log=log, results=results) def _extract_net_data(self): @@ -124,7 +124,7 @@ class NetBase(IOSExtraction): self.log.info("Extended search for suspicious processes ...") files = [] - for posix_path in Path(self.base_folder).rglob("*"): + for posix_path in Path(self.target_path).rglob("*"): try: if not posix_path.is_file(): continue
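Review bot: The extended search in NetBase walks `Path(self.target_path).rglob("*")` and filters entries with `posix_path.is_file()`, which follows symbolic links. The tree being walked comes from a device under investigation, so a link inside the dump that resolves outside `target_path` would pass the check and be treated as part of the evidence; what the loop then does with the file is outside this hunk. Consider skipping links explicitly with `if posix_path.is_symlink() or not posix_path.is_file():`. Separately, `Path(None)` raises `TypeError`, so this branch relies on `target_path` always being set when it runs.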